How to Prepare for a Ransomware Attack

By now you’ve surely heard of ransomware, a type of cyber attack in which “cyber kidnappers” take your computer or network hostage by infecting it with a virus that locks all the files and programs. The only way to unlock the files and read them again is to use a key or code, which is given upon receipt of the ransom payment.

So how do you prepare for a ransomware attack?

Planning, planning, planning. You must have a plan and assume the worst can and will happen. According to the Herjavec Group, the amount paid out by victims of ransomware in just the first three months of 2016 came to a total of $209 million. The report suggests that at that rate, the total cost of ransomware is set to reach $1 billion for all of 2016.

Here are some quick tips:

  • Build a comprehensive backup solution, back up often, and test the solution. Back up your computer and file systems, drives, etc. in the cloud – one that will not be infected or linked to your current computer system. You may even create a full backup to a removable drive of some kind. The bottom line is if your files get encrypted, you don’t have to pay the ransom – you just restore the files. Most businesses back up, but some have not tested whether or not these backups work in an emergency.
  • Have a disaster recovery plan. If creating the backups is the beginning of the plan, have steps to continue implementation. Who will be responsible for removing the virus and reestablishing the file system? Is it someone in your IT department? Is it a contractor or third party? Always know which steps to take – this will keep things running smoothly and, most importantly, avoid a sense of panic in a tough situation.
  • Use a layered security approach, with all endpoints protected, as well as protection at the mail server and gateway. If you can stop these things from ever showing up in an end user’s mailbox, you’re ahead of the game.
  • Educate your employees. One of the most popular vehicles for ransomware is a phishing email telling the user they have an invoice that requires payment. If employees recognize such emails, they will know not to open or respond to them, but instead report them to their information security team.
  • Run risk analyses, and patch vulnerabilities, especially on browsers, browser plugins, and operating systems. Information security teams should be savvy enough to continuously run penetration tests to hunt for vulnerabilities.

Planning and taking quick action are the best ways to avoid a serious problem from ransomware. If your organization is not sure where to start, a cyber security provider like Neovera can easily help you create a cyber security strategy that will increase your cyber security posture and protect your business from the consequential costs and reputation damage caused by ransomware and other cyber attacks. So plan accordingly and take action now to make sure you’re in the clear when disaster tries to strike.

Want to Get Hacked? Use This Email Provider.

Yahoo! hasn’t had the best year: failing to disclose that hundreds of millions of accounts were leaked years ago just as your organization experiences another hack isn’t the most ideal situation. Between the countless hacks and data leaks, it seems that the security team at the online media giant is always one step behind hackers out to steal their vulnerable data. And though the latest breach involves a white-hat hacker, it just goes to show that the Yahoo! security team has a long way to go before achieving a sound cyber security standing.

Here are the details: white-hat hacker Jouko Pynnönen recently discovered a point in the Yahoo! network that allowed him access to any mail account. What’s even more disturbing is that the only action needed was to send an email carrying specific, malicious code in the message’s body to the user. Using the security vulnerability discovered by Pynnönen, hackers could sneak JavaScript code past the Yahoo! filters by incorporating it into certain display links for popular sites. Using the compromised link within the message, Pynnönen demonstrated a cross-site scripting (XSS) attack. The user only has to open the email message for the hacker to gain total access to their inbox.

Due to Pynnönen’s white-hat hacker status, not only are Yahoo! inboxes safe but the company also sent a reward of $10,000 after finding and fixing the bug themselves. Fortunately for Yahoo!, they are able to spend a considerable amount of money to secure their online presence with top-of-the-line protection. Since their white-hat hacker program began, they have paid out over $2 million in bounties to more than 2,000 researchers and resolved approximately 3,000 security bugs. Though there is nothing to support that this vulnerability was exploited by harmful groups, it should push everyone to truly understand that no company, big or small, is immune to this type of situation.

While there isn’t ever a simple, blanket solution for cyber security issues, having a second or third opinion from a trusted cyber security provider is a good first step toward a protected environment. With 24×7 management and monitoring services provided by firms such as Neovera, cyber security experts are able to create a custom solution that fits your organization like a glove. Hackers will continue to come up with unique attack methods and opportunities – stay one step ahead of them with your own unique cyber security plan of attack.

Instigate a Botnet DDoS Attack

Want to make a quick buck and don’t mind breaking a few laws in the process? You’re in luck – find the right people on the Dark Web and get ready to have botnet DDoS attack source code that can take down servers with a click of a mouse. But, when we really look at the details, just how many people are able to get their hands on these attacks, and what does this mean for the safety of your company’s vulnerable data?

A few months ago, source code for the botnet DDoS attack nicknamed “Mirai” was released online. For those that aren’t familiar, the botnet DDoS attack in question is the Mirai malware, designed to scan the Internet and infect easy-to-hack devices, with the ultimate goal of controlling them in future cyber attacks. Not impressed? Consider the following: hundreds of thousands of attackers taking control of your child’s IoT-connected toy, or even your office refrigerator, and turning them into cyber attack bots. It is an unfortunate, yet very possible, reality.

The botnet DDoS attack source code is available for anyone to use. However, according to sources at Digital Shadows, the firm that discovered the source code post, many of those interested in utilizing the source code are commonly known as “skids”, slang for those who can’t hack. This is where more experienced hackers come into play – by offering paid tutorials to less-skilled attackers, they can make a few extra bucks on the side while still utilizing the very botnet DDoS attack they’re teaching others to use.

What does this mean for individuals and companies in the IoT-connected world? At the end of the day, working with cyber security experts with management and monitoring experience is essential to ensuring the continued protection of your vulnerable data. Whether your organization is big or small, for-profit or not, utilizing cyber security protection from the experts at Neovera or other firms will give you, your employees and customers peace of mind that new cyber attacks won’t stand a chance.

Attack Your Friends to Save Your Data

Ransomware is a great tool for hackers who want to generate quick cash – by creating an infected link, file, or website, an attacker can hold a user’s computer hostage until a ransom is paid. Obviously this tactic fails if your data is properly backed up, but many don’t utilize this option due to a lack of understanding or just general disinterest. Now, a new scheme called Popcorn Time has come into play – involving not just the user, but any of their close contacts.

The new kid on the ransomware block is called Popcorn Time – side note, this is the same name used by an online service to stream movies and TV shows. While the two aren’t related in any way, it has already caused initial confusion for many researching the attacks, or who have found themselves to be victims of the ransomware. But the way Popcorn Time sets itself apart even more from existing ransomware options is that besides the option to pay for the decryption of your files, you can forgo payment in exchange for infecting others. And, considering the ransom for Popcorn Time to release the data is $775, or 1 Bitcoin, the temptation may be too good to pass up for some caught in its web.

It will be interesting to see how many people opt for this new “payment option”, but in the meantime the obvious suggestions for dealing with the possibility of a ransomware attack still apply:

  • Don’t click on links from users you don’t know, or that look suspicious in any way.
  • Constantly educate yourself on the latest cyber security issues working their way through the online world.
  • Reconsider the security protocols you have in place and make sure that they are up-to-date.

Despite the fact that this is yet another ransomware attack that has already claimed numerous victims, one cannot dismiss the simple genius behind it. By addressing a pain point many have come to associate with ransomware attacks – paying the ransom – and giving an alternative, non-monetary option, these Popcorn Time developers are lightening their workload considerably while simultaneously catching victims “between a rock and a hard place”. As new cyber attacks crop up on an almost daily basis, cyber security firms such as Neovera continue to provide the latest protection options to both manage and monitor your protected data, whether in the cloud or onsite.

Avalanche Halted by International Forces

In one of the largest international busts of its kind, a cyber criminal infrastructure responsible for a debilitating attack called “Avalanche” is finally no more. With international support, the take-down was the result of a four-year effort with a victim count spread throughout 180 countries worldwide. Avalanche has been in use since 2009, muddying the Internet waters through phishing and malware attacks, stealing money and moving it across international borders, and botnet activity in DoS (denial of service) attacks. Though the financial industry was targeted the majority of the time, single-user financial data was also a significant victim.

With monetary losses numbering in the hundreds of millions according to the Department of Justice, here are a few other mind-blowing statistics:

  • 4: Years spent by international government agencies, private companies and cyber security academics to track down
  • 180: Countries in which Avalanche attack victims were located
  • 30: The number of countries collaborating with private cybersecurity companies and academics
  • 5: Suspects arrested
  • 221: Servers taken offline
  • 37: Additional servers seized by law enforcement
  • 800,000: Domains seized, blocked, or disrupted by the investigating officials

To put this into perspective, normal botnet busts aim at dismantling 1,000 domains per day. Unique to the Avalanche operation is a process called sinkholing – in order to get control of the 20 malware families spread by Avalanche, sinkholing cuts off communication between the victim’s infected computer and the malicious servers. Avalanche users also took advantage of the fast-flux hosting method – the attackers were able to hide all botnet actions behind proxy IP addresses. These proxy locations would change constantly, making the attackers extremely hard to trace.
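
The following added example (not part of the original post) shows how a defender could use DNS logs to spot both behaviours described above: names whose answers rotate across many addresses with short TTLs, as in fast-flux hosting, and internal clients whose lookups now resolve to a sinkhole. The log records, thresholds and sinkhole address are constructed assumptions; the addresses come from documentation ranges.

```python
import ipaddress
from collections import defaultdict

# Constructed DNS observations: (client, queried name, answer IP, TTL in seconds).
SAMPLE_LOG = [
    ("10.0.0.5", "intranet.corp.example", "192.0.2.10", 3600),
    ("10.0.0.7", "intranet.corp.example", "192.0.2.10", 3600),
    ("10.0.0.5", "cdn.shop.example", "198.51.100.20", 300),
    ("10.0.0.8", "cdn.shop.example", "198.51.100.21", 300),
    ("10.0.0.9", "update-check.example", "192.0.2.77", 120),
    ("10.0.0.9", "update-check.example", "198.51.100.133", 90),
    ("10.0.0.9", "update-check.example", "203.0.113.5", 60),
    ("10.0.0.12", "update-check.example", "203.0.113.200", 120),
    ("10.0.0.12", "update-check.example", "192.0.2.201", 60),
    ("10.0.0.12", "update-check.example", "198.51.100.9", 90),
    ("10.0.0.20", "old-panel.example", "203.0.113.250", 3600),
]

# Assumption: an address published by the takedown operators as their sinkhole.
SINKHOLE_IPS = {"203.0.113.250"}


def summarize(log):
    """Collect distinct answer IPs, networks, TTLs and clients per queried name."""
    stats = defaultdict(lambda: {"ips": set(), "nets": set(), "ttls": [], "clients": set()})
    for client, name, answer, ttl in log:
        entry = stats[name.lower().rstrip(".")]
        ip = ipaddress.ip_address(answer)
        prefix = 24 if ip.version == 4 else 48
        entry["ips"].add(ip)
        entry["nets"].add(ipaddress.ip_network(f"{ip}/{prefix}", strict=False))
        entry["ttls"].append(ttl)
        entry["clients"].add(client)
    return stats


def find_fast_flux(log, min_ips=5, min_nets=3, max_ttl=300):
    """Flag names with many answers spread over several networks, all short-lived.

    Requiring network diversity keeps ordinary low-TTL CDN names out of the results.
    """
    findings = []
    for name, entry in sorted(summarize(log).items()):
        if (len(entry["ips"]) >= min_ips and len(entry["nets"]) >= min_nets
                and max(entry["ttls"]) <= max_ttl):
            findings.append({"domain": name,
                             "distinct_ips": len(entry["ips"]),
                             "distinct_nets": len(entry["nets"]),
                             "clients": sorted(entry["clients"])})
    return findings


def sinkhole_hits(log, sinkhole_ips):
    """Return clients whose lookups resolved to a sinkhole: likely infected hosts."""
    hits = defaultdict(set)
    for client, name, answer, _ttl in log:
        if answer in sinkhole_ips:
            hits[client].add(name.lower().rstrip("."))
    return {client: sorted(names) for client, names in hits.items()}


if __name__ == "__main__":
    print(find_fast_flux(SAMPLE_LOG))
    print(sinkhole_hits(SAMPLE_LOG, SINKHOLE_IPS))
```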

Avalanche isn’t the first attack to wreak widespread havoc on users worldwide, nor will it be the last. While it was a major actor in the online attack world, there will be others to take its place soon enough. Don’t wait until the next big attack hits your network – manage and monitor your systems now, so that you can work with your trusted cyber security service provider when your precious data is in jeopardy.

Gooligan: The Next Threat to Android Users

A new type of malware is taking aim at tens of thousands of Android devices. According to various reports, hackers are targeting Google accounts linked to Android devices at an average daily rate of 13,000 smartphones.

Considered to be the largest Google account breach to date, Gooligan – the malware in question – initiates an attack and takes control of the Android device. From there, the access allowed by Gooligan gives hackers the ability to steal Google account information, install applications from Google Play, and, most troubling, install adware on the device. As was mentioned previously, an average of 13,000 devices have been affected daily, with at least 30,000 applications installed on these attacked Android devices every 24 hours.

However, before you wipe your entire phone for fear that Gooligan has taken charge, make sure to note the following: the malware targets devices running Android 4 and 5, narrowing those potentially in jeopardy to 74% of the Android device market; on top of that, the vast majority are located in Asia. Google’s lead engineer for Android security released information detailing the company’s response to Gooligan – it is thought to be the latest variant in a long line of Ghost Push applications that have wreaked havoc in some shape or form for years. Ghost Push applications are being removed from the Google Play store, as well as fake applications infected by Gooligan.

Constant education and understanding of how to protect your online presence is paramount – Gooligan attacks are being addressed quickly by Google, both when they have been discovered on a device and even before they have taken control. It plays into the larger idea of cyber security management and monitoring for everyone from the single user to larger enterprises. With 24×7 security and notification from trusted and experienced cyber security professionals at Neovera, your Android device – and any others on your network – will stay safe and protected.

Don’t Get Caught in this Amazon Phishing Scam

Just in time for the height of the holiday season – another phishing scam set to lure unsuspecting shoppers using one of the world’s largest online retailers. With a 336% increase in malicious phishing links around Thanksgiving and the holidays, hackers are hard at work to take advantage of the online shopping frenzy before the year comes to a close.

It’s not just small businesses that get hit this time of year – though 50% admit to having been breached in the past 12 months alone. According to AARP, shoppers using online retailer Amazon in Australia and the UK have reported receiving phishing scam emails from what initially seems to be the online behemoth:


The message states that there is an issue processing the order and, to make sure the details were all entered properly, to re-enter them at the link provided. The link in the phishing scam email directs the user to, frankly, a page that looks practically identical to the legitimate Amazon payment page and includes required information space for the CVV code, credit card number – everything a phishing scam perpetrator would need:


After hitting the “Save & Continue” button, users are re-directed back to the actual Amazon landing page. The targeted consumers continue their online journey none the wiser that they just gave hackers complete access to their financial online presence. With that being said, there are obviously a number of ways you can differentiate a phishing scam from a legitimate message. Let’s take a look at the warning signs from this particular phishing scam if this message happens to make its way into your inbox:

  • Do not, under any circumstances, click on the link provided in the suspicious message
  • Check your Amazon account in a separate window or tab
  • If you haven’t placed an order on Amazon, feel free to just delete the message
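
A mail filter can apply the same caution automatically. The added example below (not part of the original post) extracts every link from an HTML message and flags those whose real host is not one of the retailer's domains, however the link is labelled. The trusted-domain list and the sample message are assumptions constructed for illustration; the `.example` hosts are reserved names.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Assumption for this sketch: the domains the real retailer links to.
TRUSTED_DOMAINS = {"amazon.com", "amazon.co.uk", "amazon.com.au"}

# Constructed message body for testing the check.
SAMPLE_EMAIL = """
<p>There was a problem processing your order. Please confirm your details.</p>
<a href="https://www.amazon.co.uk/your-orders">View your orders</a>
<a href="http://amazon.com.billing-update.example/confirm">Re-enter payment details</a>
<a href="https://amazon.com@payments.example/login">Amazon sign-in</a>
"""


class LinkCollector(HTMLParser):
    """Collect (href, visible text) pairs for every anchor in the message."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href")
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def host_is_trusted(host):
    """True only for a trusted domain itself or a subdomain of it.

    A substring test is not enough: a brand name can appear anywhere in a host.
    """
    host = (host or "").lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in TRUSTED_DOMAINS)


def suspicious_links(html):
    """Return links whose parsed host is outside the trusted domains."""
    collector = LinkCollector()
    collector.feed(html)
    flagged = []
    for href, text in collector.links:
        host = urlsplit(href).hostname  # the part after any user@ prefix
        if not host_is_trusted(host):
            flagged.append({"text": text, "host": host})
    return flagged


if __name__ == "__main__":
    for link in suspicious_links(SAMPLE_EMAIL):
        print("suspicious:", link)
```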

At one point or another, practically every active online user has encountered a phishing scam in the wild – how they react is entirely unique but ends either with a compromised network or business as usual. Whichever option has been chosen, education and understanding of the threat at hand is paramount to individual users and businesses large and small. Implementing a cyber security management and monitoring plan that keeps your employees aware of the daily threats facing your network, as well as protecting precious data, will secure your organization’s future for years to come.

Healthcare Fraud & Cyber Security: Is Your Data Safe?

Healthcare fraud is a booming business, especially considering over 80% of healthcare providers have been the unlucky victims of a cyber attack within the last year. KPMG’s “Healthcare and Cyber Security: Increasing Threats Require Increased Capabilities” sheds some light on the healthcare industry’s current cyber security actions, or lack thereof, and how they intend to stem healthcare fraud. Specifically, the survey findings highlight concern for the number of attacks experienced by hospitals and health insurance providers alike, the low level of detection and prevention, and the increased awareness for cyber security (while action is still not taken in a timely manner). As the relationship between the increased number of cyber threats and the limited ability to handle them evolves, the silver lining is that the healthcare industry seems to be making a bold effort to increase security.

Some other key facts found in the report:

  • 13% experienced more than one cyberattack a day at their organization
  • 16% say they cannot detect an attack in real time
  • 15% do not have a leader with the responsibility of information security
  • 23% said they do not have a security operations center to detect threats
  • 55% said they have trouble finding staff for their security positions
  • 86% have increased cyber security spending
  • 85% have discussed cyber security in the past year

Of course, we can’t make excuses for these organizations. These healthcare organizations and insurance companies hold very private information, and while spending has increased from previous levels, the numbers are well below what they should be. A few options to bridge this gap could be:

There is no cookie-cutter response to provide protection from malicious hackers; however, each industry needs to face the demands of ever-evolving technological connectivity and the potential threats that come with it. Fortunately, expert cyber security professionals like Neovera are able to provide assistance along the way if the need should arise. We provide 24×7 cyber security management and monitoring to protect your patient and employee data, so healthcare providers can rely on Neovera for expert service.

Government Demands: “Hack the Army”

The government is continuing an initiative aimed at learning more about cyber security strengths and weaknesses through an invitation-only “Hack the Army” event aimed at strengthening its online presence. As it originally began with the Pentagon hosting its own competition, government personnel have realized the value of white-hat hackers shining a light on otherwise overlooked vulnerabilities or inconsistencies.

Here are some differences between the Army and Pentagon’s hack requests: while “Hack the Pentagon” requested hackers assess static websites, Hack the Army focuses on user information for new and existing Army personnel on recruitment sites and databases. And while it is invitation-only so civilian entrants can be vetted prior to participating, military and government personnel get automatic entry. Also, it should be noted that HackerOne is continuing its partnership with Hack the Army as it did with Hack the Pentagon in order to ensure another seamless outcome.

On a larger scale, the idea of opening an organization – public or private – to hackers in order to understand its strengths and weaknesses isn’t new but is disruptive, turning accepted thinking on its head. Standard procedure is to take a look at what could come through, implement the necessary steps to protect the network, and test said steps to make sure everything works properly. But having the person who created the security protocol test its endurance only goes so far. In order to truly understand a network’s raw vulnerabilities, some take it a step further and see the potential inconsistencies through the eyes of a hacker. Disruptive, yes, but worth it in some cases.

Now, this isn’t to say that every company needs to rush out and find a hacker to test their network; this option is just another to consider. Being as fluent as possible in the workings of the cyber security world, along with knowing your network’s inner workings is key. Outside perspectives and assistance are always acceptable tools when dealing with cyber security best practices.

Cyber Warfare: Trump’s Next Big Challenge

“Well, I think cyber security, cyber warfare will be one of the biggest challenges facing the next president…” As President-elect Donald Trump continues on his journey toward the White House, previous statements about cyber warfare from one of the highest-ranked presidential debates in history still ring true. A significant player in this year’s election cycle, it is a necessary conversation to continue, regardless of political affiliation. Cyber crime is an issue that has plagued organizations, corporations, individuals and beyond. The private sector has yet to fully embrace the severity of possible cyber warfare, and the public sector has yet to truly catch up with the latest technology; both need to work together and separately so everything within the IoT is fully and completely secure for a more reliable experience.

Let’s look at the staggering cyber warfare facts from this year alone:

  • 1 in 5: The ratio of small businesses that fall victim to hackers every year.
  • 60: The percentage of said small businesses that go out of business within six months of the attack.
  • $551,000: The average amount spent to restore network operations after a significant data loss event.
  • 34: The percentage of security incidents caused by someone clicking on an errant link or advertisement or visiting a compromised website.
  • 36: The percentage of employees exploited via their mobile device.
  • 40: The percentage of large enterprises who are confident in their suppliers’ information security system.
  • $1 billion: The amount of money spent freeing networks and data from the aftermath of ransomware attacks.
  • 90: The percentage of organizations that have experienced some type of external threat.
  • $942,000: The average amount enterprises spend to handle a breach in a virtual environment.

Cyber warfare, on both a large and small scale, can impact any citizen, or group of citizens, at any time. Who could forget the attack by China on the Office of Personnel Management this year that resulted in countless unencrypted pieces of data getting into the wrong hands? Cyber security protection is beyond necessary, and of the utmost importance. Given the cyber crime landscape today, the concern is no longer IF but WHEN an organization will be attacked. Safeguard the security of your critical data by implementing a solid cyber security plan that includes monitoring and management services by cyber professionals such as Neovera. You can rest assured that we will protect your vital information from cyber threats at home and abroad.